On November 7, China’s top legislature adopted a cybersecurity law to safeguard the sovereignty on cyberspace, national security, and the rights of citizens. The law has seven chapters that define specific regulations in various areas, such as network operational security (including key IT infrastructure), network information security, monitoring, alerting, and emergency situation handling as well as related legal responsibilities.
Some critics, especially those in Europe and the United States, continue to read too much into the negative impact of this legislation. I believe that it’s the reasonable move for the Chinese government to make in order to balance national security, citizen privacy, and economic openness. Foreign players in the Chinese market must revisit their local strategy and accelerate their digital transformation if they don’t want to miss the increasing needs and new opportunities regarding security and privacy:
The cybersecurity law has substantial advantages that benefit cybercitizens. For example, for the first time, the Chinese government requires that vendors providing cyberproducts and cyberservices must make clarifications to users and attain their approvals before they collect personal information. The new law also regulates that if companies leak or illegally sell personal information to third parties, they must bear legal responsibilities accordingly. These regulations mark a critical milestone in China’s journey toward personal privacy protection, and they are also important for consumers in the world’s largest market to protect themselves against internet fraud and spam messages.
Boring as it may appear, the World Conference on International Telecommunications (WCIT), which just took place in Dubai under the auspices of the International Telecommunications Union (ITU), matters to all Internet users globally. To us, the three most important questions that were discussed are:
Should national governments have greater influence over the global regulation of the Internet?
Should over-the-top providers (OTTs) like Google and business networks be governed by international telecom regulations?
Should the underlying business model of the Internet change from a free and neutral exchange of data to a “sender pays” model?